QR codes for hotel check-in

Pre-arrival forms, keyless entry, and express desk for repeat guests.

Published May 22, 2026Recommended: Dynamic URL

📷 Image placeholder

A hotel lobby desk with a discreet QR code placard for express check-in

Suggested source: Your own photo, or Wikimedia Commons search: 'hotel check-in desk'

A lobby-placed QR backs up the pre-arrival email for guests who didn't complete it on their phone. · Source: Your own photo, or Wikimedia Commons search: 'hotel check-in desk'

The major hotel groups have been chipping away at the front-desk bottleneck for a decade. Hilton Honors added mobile check-in and digital key in 2015, Marriott Bonvoy followed shortly after, and Accor, IHG, and Hyatt all ship something functionally equivalent in 2026. The pattern that's harder to copy, and where independent properties get left behind, isn't the app — it's the backend integration with the property management system (Opera, Protel, Mews, Cloudbeds) that lets a pre-arrival form actually write back to the reservation. For a branded flag with a central reservations system, the investment has already been amortized. For an independent boutique with 40 rooms, the QR-on-email approach is the pragmatic alternative: fast to deploy, no native app needed, and it hooks into whichever PMS you already run. The ID-capture side deserves more caution than it usually gets. Many jurisdictions require hotels to collect guest identification at check-in — France's décret no. 2015-1002, Italy's questura registration via Alloggiati Web, Spain's SES.Hospedajes system, Japan's Ryokan Business Act. The data protection obligations on top of that are heavy: GDPR for EU stays, CCPA for California, and specific retention periods that vary by country. Running an ID upload through a QR form means the form, the storage, and the retention policy all have to be compliant. This isn't a 'build it yourself on Typeform' situation. Use a vendor (Canary Technologies, Duve, Chekin) whose contract includes the data-protection liability, or spend the lawyer hours upfront. Three patterns are worth the effort. Pre-arrival ID and preferences that shorten the desk interaction. Per-stay dynamic QRs for keyless entry where the BLE infrastructure exists. An express feedback QR on checkout that segments your loyalty list without adding a new database.

Pattern 1Dynamic URL

Pre-arrival ID upload that respects jurisdictional rules

The pre-arrival QR is the lowest-risk, highest-leverage piece of the check-in stack. The confirmation email contains a QR (and a short URL as fallback for users who open the email on desktop) pointing at a form scoped to the reservation: ID photo, arrival time, parking, dietary notes for breakfast, preferred room setup. The form completes in about 90 seconds; the guest arrives, is recognized by name, and the key is printed in under a minute. The compliance layer is non-trivial. France requires the fiche individuelle de police for non-EU guests; Italy requires the Alloggiati Web filing within 24 hours; Spain transitioned to SES.Hospedajes in late 2024 with new data fields. A hand-rolled form almost certainly misses at least one of these. Canary Technologies and Duve both target this market and handle the PMS write-back to Opera, Mews, Cloudbeds, and others. The boutique-operator version: use a vendor, own the QR placement, and audit the retention policy quarterly. The cost is roughly $3–$8 per room per month; the break-even is one compliance fine avoided.

Pattern 2Dynamic URL

Per-stay keyless entry where the infrastructure exists

Digital key rollouts at major chains use Bluetooth Low Energy, not QR — your phone talks to the lock directly via the hotel's app. QR-based room entry is a different (and narrower) pattern: the reservation-specific QR activates a time-bounded link, which triggers a lock command through the hotel's network. This works where the lock infrastructure supports it (Assa Abloy's Vingcard and dormakaba's Saflok both have network-capable generations), and it's a reasonable substitute for properties that can't afford to push guests into a native app. The security model deserves care: the QR has to be scoped tightly (specific reservation, specific time window, single-use per door touch) and the activation has to happen over an authenticated channel the lock can trust. Don't try to encode credentials directly into the QR itself — encode a session token that redeems server-side. Independent boutiques generally can't justify this layer; branded midscale and upscale are where it lands. For everyone else, QR is the pre-arrival channel and plastic or RFID is still the key.

Pattern 3Dynamic URL

Checkout feedback QR that segments loyalty without a new tool

The folio QR — on the printed invoice or the email receipt — is the single-best-timed feedback moment in the stay. The guest just confirmed the charges, made their plane-catching calculations, and mentally rated the experience. A QR linking to a one-question form ('Would you stay again? Yes / No / Let us explain') captures actionable sentiment without triggering the survey fatigue that kills longer instruments. The operational detail that makes this pay back: route the answers into the existing CRM (Salesforce Hospitality, Revinate, Cendyn) as a single custom field — 'last_stay_nps.' Marketing automation picks it up: promoters get re-booking offers with rate flexibility; detractors get a manager call. Don't over-design the follow-up — the point is to stop marketing as if every guest is identical. The single-question format is load-bearing; I have watched operators expand to six questions and watch response rates drop from 28% to 4% in a quarter.

📷 A confirmation email on a phone screen with a QR code for pre-arrival check-in

Your own screenshot

Source: Your own screenshot

Printing and placement tips

Send the pre-arrival QR 24 hours before check-in. Earlier and guests archive the email; later and they don't open it until they're already at the desk.
Never store raw ID images longer than jurisdictional minimums. France's hospitality retention is 6 months; Spain's SES.Hospedajes is 3 years. Automate deletion — a manual policy gets forgotten.
Keep the desk as the explicit fallback. A tech-resistant guest who walks away feeling judged will cost you the Tripadvisor review; always offer 'prefer to do this at the desk?' on the landing page.

Build one now

The free generator handles every pattern above. Upgrade to Pro when you want dynamic destinations or scan analytics on top.

Open the generator Create a dynamic QR